VPN Command Line Interface (CLI)

VPN Commands

These commands relate to VPN and are also documented in the R77 Command Line Interface Reference Guide.

VPN Command Line interface

Command

Description

VPN

This command and subcommands are used for working with various aspects of VPN. VPN commands executed on the command line generate status information regarding VPN processes, or are used to stop and start specific VPN services.

vpn compreset

This command resets the compression/decompression statistics to zero.

vpn compstat

This command displays compression/decompression statistics.

vpn crl_zap

This command is used to erase all Certificate Revocation Lists (CRLs) from the cache.

vpn crlview

This command retrieves the Certificate Revocation List (CRL) from various distribution points and displays it for the user.

vpn debug

This command instructs the VPN daemon to write debug messages to the log file: $FWDIR/log/vpnd.elg.

vpn drv

This command installs the VPN kernel (vpnk) and connects it to the Firewall kernel (fwk), attaching the VPN driver to the Firewall driver.

vpn export_p12

This command exports information contained in the network objects database and writes it in the PKCS#12 format to a file with the p12 extension.

vpn macutil

This command is related to Remote Access VPN, specifically Office mode, generating a MAC address per remote user. This command is relevant only when allocating IP addresses via DHCP.

vpn mep_refresh

This command causes all MEP tunnels to fail back to the best available gateway, provided that backup stickiness has been configured.

vpn nssm_topology

This command generates and uploads a topology (in NSSM format) to an IPSO NSSM server for use by IPSO clients.

vpn overlap_encdom

This command displays all overlapping VPN domains. Some IP addresses might belong to two or more VPN domains. The command alerts for overlapping encryption domains if one or both of the following conditions exist:

  • The same VPN domain is defined for both Security Gateways
  • If the gateway has multiple interfaces, and one or more of the interfaces has the same IP address and netmask.

vpn sw_topology

This command downloads the topology for a SofaWare Security Gateway.

vpn ver

This command displays the VPN major version number and build number.

vpn tu

This command launches the TunnelUtil tool which is used to control VPN tunnels.
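
The two conditions listed under vpn overlap_encdom can also be checked offline against an inventory of gateway definitions. The following Python is an added example, not Check Point code and not a description of how the command is implemented; the gateway names, networks and dictionary layout are constructed for illustration. It goes slightly beyond the text by also reporting partial overlaps, where only some addresses belong to two VPN domains.

```python
import ipaddress
from itertools import combinations

# Constructed sample inventory (hypothetical names and addresses).
GATEWAYS = {
    "gw-a": {"domain": ["10.1.0.0/16", "192.168.10.0/24"],
             "interfaces": ["203.0.113.1/24", "10.1.0.1/16"]},
    "gw-b": {"domain": ["10.1.0.0/16"],
             "interfaces": ["198.51.100.1/24", "198.51.100.1/24"]},
    "gw-c": {"domain": ["10.1.128.0/17", "172.16.0.0/12"],
             "interfaces": ["192.0.2.1/24"]},
}

def domain_overlaps(gateways):
    """Return (gw1, gw2, net1, net2, kind) for each pair of VPN-domain
    networks on different gateways that share at least one address."""
    findings = []
    for n1, n2 in combinations(sorted(gateways), 2):
        for a in map(ipaddress.ip_network, gateways[n1]["domain"]):
            for b in map(ipaddress.ip_network, gateways[n2]["domain"]):
                if a.overlaps(b):
                    kind = "identical" if a == b else "partial"
                    findings.append((n1, n2, str(a), str(b), kind))
    return findings

def duplicate_interfaces(gateways):
    """Return (gateway, address/prefix) for each interface that repeats an
    IP address and netmask already seen on the same gateway."""
    findings = []
    for name in sorted(gateways):
        seen = set()
        for raw in gateways[name]["interfaces"]:
            iface = ipaddress.ip_interface(raw)
            if iface in seen:
                findings.append((name, str(iface)))
            seen.add(iface)
    return findings

if __name__ == "__main__":
    for gw1, gw2, a, b, kind in domain_overlaps(GATEWAYS):
        print(f"{kind} overlap: {gw1} {a} <-> {gw2} {b}")
    for gw, iface in duplicate_interfaces(GATEWAYS):
        print(f"duplicate interface on {gw}: {iface}")
```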

SecureClient Commands

The following commands relate to SecureClient.

SecureClient command line interface

Command

Explanation

SCC

VPN commands executed on SecureClient are used to generate status information, stop and start services, or connect to defined sites using specific user profiles.

scc connect

This command connects to the site using the specified profile, and waits for the connection to be established. In other words, the OS does not put this command into the background, and does not execute the next command in the queue until this one completes.

scc connectnowait

This command connects asynchronously to the site using the specified profile. This means that the OS moves on to the next command in the queue while this command runs in the background.

scc disconnect

This command disconnects from the site using a specific profile.

scc erasecreds

This command unsets authorization credentials.

scc listprofiles

This command lists all profiles.

scc numprofiles

This command displays the number of profiles.

scc restartsc

This command restarts SecureClient services.

scc passcert

This command sets the user's authentication credentials when authentication is performed using certificates.

scc setmode <mode>

This command switches the SecuRemote / SecureClient mode.

scc setpolicy

This command enables or disables the current default security policy.

scc sp

This command displays the current default security policy.

scc startsc

This command starts SecureClient services.

scc status

This command displays the connection status.

scc stopsc

This command stops SecureClient services.

scc suppressdialogs

This command enables or suppresses dialog popups. By default, suppressdialogs is off.

scc userpass

This command sets the user's authentication credentials: username and password.

scc ver

This command displays the current SecureClient version.

scc icacertenroll

This command enrolls a certificate with the internal CA, and currently receives 4 parameters: site, registration key, filename and password. Currently the command only supports the creation of p12 files.

scc sethotspotreg

This command line interface now includes HotSpot/Hotel registration support.

Desktop Policy Commands

The following commands relate to the Desktop Policy.

Desktop Policy command line interface

Command

Description

dtps ver

This command displays the policy server version.

dtps debug [on|off]

This command starts or stops the debug printouts to $FWDIR/log/dtps.elg.

fwm psload <path to desktop policy file> <target>

This command loads the Desktop Policy onto the module. The target is the name of the module where the Desktop Policy is being loaded and should be entered as it appears in SmartDashboard. This command should be run from the management.

For example: fwm psload $FWDIR/conf/Standard.S Server_1

fwm sdsload <path to SDS objects file> <target>

This command loads the SDS database onto the module. The target is the name of the module where the SDS objects file is being loaded and should be entered as it appears in SmartDashboard. This command should be run from the management.

For example: fwm sdsload $FWDIR/conf/SDS_objects.C Server_1